It is difficult to protect your system from ransomware

In recent years, it has become more common to see reports that computers of Japanese companies and hospitals have been infected with ransomware.

Ransomware is a type of computer program called malware that causes problems or disadvantages to Internet devices.

When infected, data stored in the device and in the hard disk connected to the device has been encrypted and unable to be viewed or used normally.

Then, you will receive a message requesting a large amount of money for the decryption key to decrypt the encryption. The program is called ransomware because it is a program that holds data hostage and demands a ransom.

In many such cases, when you open an email attachment you received, your device has become infected.

Sometimes we see a warning message that says, “Don’t open a suspicious email.” In recent years, however, it has become very difficult to identify a ransomware attack email because the attacker does not send mass mails to an unspecified large number of people, but uses a trick called “targeted attack ransomware,” in which the attacker targets a victim and uses a seemingly normal message and an frequent sender’s name so that the victim may not doubt it.

In addition, owing to the recent globalization of corporate activities, overseas branches and supply chains that have weak security may be targeted, even though the security of the headquarters is solid.

If a computer of one of the affiliates has become infected, which will be regarded as an incident for the headquarters, it in turn will become difficult for the company to continue business.

Additionally, in recent years, there is an increase in the number of cases in which hospitals are targeted overseas and in Japan. Behind this is the advanced Electronic Medical Record (EMR) system.

An EMR system is highly convenient. For this reason, if the record has been encrypted and unavailable, the hospital’s activities will stop completely. Nevertheless, the hospital cannot stop treatment for patients. So, the attacker would think the hospital will have to pay a ransom.

It is important to set up a system to ensure business continuity even after infection

To cope with this threat, companies have been introducing security measures such as strengthening security management and conducting cyber training on a regular basis.

But keep in mind that there is no perfect security technology. No matter what kind of security technology you use, the attacker will find and take advantage of a loophole.

Therefore, it is important to take multiple measures, rather than relying on a single specific security technology.

In addition, it is important to have a system in place to ensure business continuity in case of infection of ransomware.

For example, you should delete historical and other unnecessary files, and back up important files and store them in a closed environment.

Our research team is conducting logistic regression analysis to predict cyber risk as the probability of incidents caused by various factors.

We have found, for example, how the probability of receiving an incident differs when a certain security measure is taken or not, or how much the probability of an incident will decrease if both A and B measures are taken together.

We also analyze primary factors on the business operators and visualize them numerically, proving that the higher the number of employees, the higher the probability of an incident, and the higher the number of customers, the greater the impact of an incident.

We hope that you will use this knowledge as a basis for choosing a more valid and effective security technology that meets your requirements.

Next time, I will explain about targeted advertising using the browsing history of a website.

Information noted in the articles and videos, such as positions and affiliations, are current at the time of production.